ITsecurity
twitter facebook rss

DNA-based access control: the dystopian endgame

Posted by on July 27, 2015.

Martin Zinaich yesterday excellently described what he calls the PIT: privacy invasive technology (Falling into the PIT). The implication is that this is a deep, steep pit from which it is already too late to escape. But there was one comment he makes that implies it is going to get worse:

The problem with technology is all of these things start out making common sense… Yet the other side of technology is that it always comes with unintended consequences. We always fall into the PIT…

There is a real danger that we are now on the verge of the dystopian endgame: the ultimate identity ecosphere based on human DNA. Think about this: a central or distributed universal database holding our DNA. From this is generated a unique code. From that is our identity, either as a soft token or on a physical token. And from there access to anything can be granted or denied based on 100% certainty that the applicant is who he or she claims to be.

That is certainly a good result. Passports could include DNA-verification. Terrorists and criminals would easily be located and apprehended at national borders or wherever they do anything electronic. eFraud could be wiped out overnight; identity theft would be eliminated.

That’s the upside. The downside is that governments will eventually sell these DNA databases to interested industry. This is inevitable. In the UK David Cameron is selling a universal health database before he has even collected it. There are suggestions that the Inland Revenue is planning to sell tax records. The list goes on.

But as soon as industry gets its hands on a DNA database, we will start to be ruled by inference. That DNA code will provide ‘potentials’. We will get access to different services and locations based on inferences drawn from potentials exposed by our DNA. Insurance premiums will go up and down based on our DNA potential to develop particular illnesses. Even job applications will succeed or fail based on our potential to take risks, work quietly, take sick days, become depressed and so on. And all of this is without even considering the uses that increasingly authoritarian governments will make of this data — all in the name of ‘national security’.

This image of the future is so dystopian that we refuse to believe it is possible. But it is not only possible, it is inevitable. The technology already exists. The steps are already in place. Cameron is already planning a national DNA database for the UK (disguised within the NHS). His police are separately collecting DNA and refusing to delete it (despite an EU ruling). And in the US, the American people are actually paying to have their DNA taken and stored by a third party (23andme).

It is 23andme that demonstrates the inevitability of this future. The company provides an API for programmable access to its database of DNA records. Why would it do this if it were not expecting to allow third parties easy access to the database? And indeed it already does:

When you choose to participate in 23andMe Research, your data could be used to fuel a variety of genetic studies with our internal research team or with one of our many collaborators at research universities or pharmaceutical companies.

Remember that any database held by any US company is technically accessible by the US government, whatever the nationality of the owner of that data.

Last week a coder posted a simple access control program using 23andme’s API and database (Genetic Access Control). It works. The possibility is no longer just a possibility.

The media has concentrated on the darker potential of this type of system in limiting access to ‘white-only’ or ‘male-only’ websites. Most are failing to see the longer term danger of genetic identity.

Wherever technology exists, it will be used. The potential benefits for governments in some form of universal identity system based on personal DNA are so intense that they will use it. The dystopian future is here already — this is the start of the endgame: the ultimate PIT.

Leave a Reply

Your email address will not be published. Required fields are marked *

Submitted in: Expert Views, Kevin Townsend's opinions, News, News_politics, News_privacy | Tags: ,